Package org.appng.core.service
Class LdapService
- java.lang.Object
-
- org.appng.core.service.LdapService
-
-
Field Summary
Fields Modifier and Type Field Description static StringLDAP_DISABLEDWhether authentication via LDAP is disabledstatic StringLDAP_DOMAINThe domain for the LDAP authenticationstatic StringLDAP_GROUP_BASE_DNThe base-DN for LDAP-groupsstatic StringLDAP_HOSTThe LDAP hoststatic StringLDAP_ID_ATTRIBUTEThe name of the LDAP-attribute containing the user-id used for authenticationstatic StringLDAP_PASSWORDPassword of the LDAP service-userstatic StringLDAP_PRINCIPAL_SCHEMEHow the LDAP principal is derived from a given username when logging in (DN, SAM, UPN)static StringLDAP_START_TLSWhether to use STARTTLS for the LDAP connectionstatic StringLDAP_USERThe name of the LDAP service-userstatic StringLDAP_USER_BASE_DNThe base-DN for LDAP-users
-
Constructor Summary
Constructors Constructor Description LdapService()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description List<SubjectImpl>getMembersOfGroup(Site site, String groupName)Fetches the members of a given group and returns them as a List ofSubjectImplobjects.List<String>loginGroup(Site site, String username, char[] password, SubjectImpl subject, List<String> groupNames)Tries to login the user as a member of at least one of the given groups.booleanloginUser(Site site, String username, char[] password)Tries to login the user with the given username and password.voidsetLdapCtxFactory(String ldapCtxFactory)Set another factory class to be used as JNDI parameterContext.INITIAL_CONTEXT_FACTORY.
-
-
-
Field Detail
-
LDAP_DISABLED
public static final String LDAP_DISABLED
Whether authentication via LDAP is disabled- See Also:
- Constant Field Values
-
LDAP_DOMAIN
public static final String LDAP_DOMAIN
The domain for the LDAP authentication- See Also:
- Constant Field Values
-
LDAP_GROUP_BASE_DN
public static final String LDAP_GROUP_BASE_DN
The base-DN for LDAP-groups- See Also:
- Constant Field Values
-
LDAP_HOST
public static final String LDAP_HOST
The LDAP host- See Also:
- Constant Field Values
-
LDAP_ID_ATTRIBUTE
public static final String LDAP_ID_ATTRIBUTE
The name of the LDAP-attribute containing the user-id used for authentication- See Also:
- Constant Field Values
-
LDAP_PASSWORD
public static final String LDAP_PASSWORD
Password of the LDAP service-user- See Also:
- Constant Field Values
-
LDAP_PRINCIPAL_SCHEME
public static final String LDAP_PRINCIPAL_SCHEME
How the LDAP principal is derived from a given username when logging in (DN, SAM, UPN)- See Also:
- Constant Field Values
-
LDAP_START_TLS
public static final String LDAP_START_TLS
Whether to use STARTTLS for the LDAP connection- See Also:
- Constant Field Values
-
LDAP_USER
public static final String LDAP_USER
The name of the LDAP service-user- See Also:
- Constant Field Values
-
LDAP_USER_BASE_DN
public static final String LDAP_USER_BASE_DN
The base-DN for LDAP-users- See Also:
- Constant Field Values
-
-
Method Detail
-
setLdapCtxFactory
public void setLdapCtxFactory(String ldapCtxFactory)
Set another factory class to be used as JNDI parameterContext.INITIAL_CONTEXT_FACTORY. This is primarily useful for unit testing. The default value iscom.sun.jndi.ldap.LdapCtxFactory.- Parameters:
ldapCtxFactory- an alternative context factory class to be used.
-
loginUser
public boolean loginUser(Site site, String username, char[] password)
Tries to login the user with the given username and password.- Parameters:
site- theSitethe user wants to login atusername- The plain name of the user without base-DN. This name will be mapped to an LDAP principal according to the value of "ldapPrincipalScheme".- "DN": results in
"ldapIdAttribute"=username,"ldapUserBaseDn"(this should work with any LDAP server) - "UPN": results in
username@"ldapDomain"(probably most common name format to log on to Active Directory, @see MSDN on LDAP simple authentication) - "SAM": results in
"ldapDomain"\username(name format including sAMAccountName and NetBios name to logon to active Directory)
- "DN": results in
password- the password of the user- Returns:
trueif the user could be successfully logged in,nullotherwise
-
loginGroup
public List<String> loginGroup(Site site, String username, char[] password, SubjectImpl subject, List<String> groupNames)
Tries to login the user as a member of at least one of the given groups. Therefore two steps are necessary. First, the login of the user with the given password must be successful. Second, the user must be a member of at least one group.
Note that to determine the memberships a service user with credentials taken from "ldapUser" and "ldapPassword", will be used. This username may be specified as Distinguished Name (DN) e.g. "cn=Service User, dc=mycompany, dc=com". If this is the case, it will be used as LDAP principal without mapping. If it is not a DN, it will be mapped as described inloginUser(Site, String, char[]).- Parameters:
site- theSitethe user wants to login atusername- the name of the userpassword- the password of the usersubject- aSubjectImplwhere the name and real name are set, in case the user belongs to at least one of the given groupsgroupNames- a list containing the names of all groups to check group membership for (without base-DN, this is set in the site-property "ldapGroupBaseDn")- Returns:
- the names of all groups that the user is a member of (may be empty)
-
getMembersOfGroup
public List<SubjectImpl> getMembersOfGroup(Site site, String groupName)
Fetches the members of a given group and returns them as a List ofSubjectImplobjects. Members are LDAP Objects in thememberattribute(s) of"ldapIdAttribute"=groupName,"ldapGroupBaseDn".- Parameters:
site- theSitein which the application using this group is runninggroupName- the name of the group whose members should be fetched- Returns:
- the members of the groupName (may be empty)
-
-